Re: selecting random key from hash

Another thought. If you are using 5.8.1 or later, then you shouldn't have to do use rand to get a random selection of hash keys. Using any of keys, values or each should give you a randomized sequence each time you call them and different for each run.

However, my AS builds all seem to have this security feature explicitly disabled, and all my attempts to enable it on a self-built copy of 5.8.4 come to naught so far.

I know what I'm supposed to set, but the deltas , POD and comments on the subject only refer to doing this with a Configure time option which is only applicable to *nix.

Anyone know how to do this for win32? Becasue it certainly doesn't seem to enabled by default, which the docs suggest it should be.

Examine what is said, not who speaks.

"Efficiency is intelligent laziness." -David Dunham
"Think for yourself!" - Abigail
"Memory, processor, disk in that order on the hardware side. Algorithm, algoritm, algorithm on the code side." - tachyon

Comment on Re: selecting random key from hash

Replies are listed 'Best First'.
Re^2: selecting random key from hash by hv (Prior) on Jul 13, 2004 at 09:23 UTC
In latest perls, the hashing seed used is randomised to avoid certain types of DOS attacks. However, it is not randomised at each use - instead, each time a new key is added to the hash perl checks whether the hash is becoming heavily unbalanced (either due to an injection attack or due to simple bad luck), and re-hashes only if it is. In normal use, the rehashing should rarely happen. And that's just as well because it is relatively expensive. (Before you ask, I'd add that this is not vulnerable to a higher level DOS attack that forces constant rehashing unless the attacker can predict the new random hash seed that will be selected.) Hugo	[reply]
Re^3: selecting random key from hash by BrowserUk (Patriarch) on Jul 13, 2004 at 09:37 UTC
Thanks Hugo. I remember the discussion from when it came up originally. I even came up with a suggestion for fixing it that wasn't a million miles away from what got implemented, though I doubt my half-cocked idea was any influence :) Given the OP was picking 4 at a time from a "very large hash", the inherent randomness (assuming he has it enabled (or can work out how to enable it!! Argggh!)), might be sufficiently random for his purpose. It would have an advantage over the other solutions presented, in that it would avoid duplicates whilst ensuring full coverage. If that is a requirement. Examine what is said, not who speaks. "Efficiency is intelligent laziness." -David Dunham "Think for yourself!" - Abigail "Memory, processor, disk in that order on the hardware side. Algorithm, algoritm, algorithm on the code side." - tachyon	[reply]